CWE-89
High likelihoodImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
19,735 vulnerabilities with CWE-89
CVE-2023-5781
MEDIUM
Tongda OA < 11.10 - SQL Injection via DELETE_STR Function
CVSS 6.3
CVE-2023-5780
HIGH
Tongda OA < 11.10 - SQL Injection via DELETE_STR Parameter
CVSS 7.3
CVE-2023-46584
CRITICAL
PHPGurukul Nipah Virus Testing Management System 1.0 - SQL Injection via new-user-testing.php Endpoint
CVSS 9.8
CVE-2023-4608
MEDIUM
ThinkSystem <v3 - Authenticated SQL Injection
CVSS 4.1
CVE-2023-46358
CRITICAL
Snegurka for PrestaShop <3.5.1 - SQL Injection
CVSS 9.8
CVE-2023-46347
CRITICAL
NDK Design for PrestaShop <1.5.6 - SQL Injection
CVSS 9.8
CVE-2023-43507
HIGH
ClearPass Policy Manager - SQL Injection
CVSS 7.2
CVE-2023-27262
CRITICAL
IDAttend IDWeb < 3.1.052 - Unauthenticated SQL Injection via GetAssignmentsDue Method
CVSS 9.8
CVE-2023-27260
CRITICAL
idweb < 3.1.052 - Unauthenticated SQL Injection via GetAssignmentsDue Method
CVSS 9.8
CVE-2023-27255
CRITICAL
IDAttend IDWeb < 3.1.052 - Unauthenticated SQL Injection via DeleteRoomChanges Method
CVSS 9.8
CVE-2023-27254
CRITICAL
idattend idweb < 3.1.052 - Unauthenticated SQL Injection via GetRoomChanges Method
CVSS 9.8
CVE-2023-26584
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26583
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26582
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26581
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26572
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26569
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-26568
CRITICAL
IDAttend's IDWeb <3.1.052 - SQL Injection
CVSS 9.8
CVE-2023-5700
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via GWLinkId Parameter
CVSS 5.5
CVE-2023-5693
MEDIUM
CodeAstro Internet Banking System 1.0 - SQL Injection via pages_reset_pwd.php Email Parameter
CVSS 6.3
CVE-2023-38190
HIGH
SuperWebMailer 9.00.0.01710 - SQL Injection
CVSS 8.8
CVE-2023-5682
MEDIUM
Tongda OA < 11.10 - SQL Injection via RECORD_ID Parameter
CVSS 5.5
CVE-2023-5681
MEDIUM
Netentsec NS-ASG Application Security Gateway 6.3 - SQL Injection via /admin/list_addr_fwresource_ip.php
CVSS 4.7
CVE-2023-37824
CRITICAL
sitolog_application_connect < 7.8.a - SQL Injection via activate_hook.php
CVSS 9.8
CVE-2023-4999
HIGH
Horizontal scrolling announcement < 9.2 - Authenticated SQL Injection via Shortcode Parameter
CVSS 8.8
Details
Vulnerabilities
19,735
Exploit Likelihood
High